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(1) Real Party in Interest 

A statement identifying by name the real party in interest 
is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals , 
interferences, or judicial proceedings which will directly 
affect or be directly affected by or have a bearing on the 
Board's decision in the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the 
brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after 
final rejection contained in the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the 
brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be 
reviewed on appeal is correct. 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix 
to the brief is correct. 
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(8) Evidence Relied Upon 

Provino U.S. Patent Number (6557037). 

(9) Grounds of Rejection 

The following ground (s) of rejection are applicable to the 
appealed claims: 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs 
of 35 U.S.C. 102 that form the basis for the rejections under 
this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for 
patent by another filed in the United States before the invention thereof by 
the applicant for patent, or on an international application by another who has 
fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of 
this title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American 
Inventors Protection Act of 1999 (AIPA) and the Intellectual 
Property and High Technology Technical Amendments Act of 20*02 do 
not apply when the reference is a U.S. patent resulting directly 
or indirectly from an international application filed before 
November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the- 
amendment by the AIPA (pre-AIPA 35 U.S.C. 102(e)). 
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Claims 1-13 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Provino U.S. Patent Number (6557037). 

As per claim 1, 8-12, Provino teaches a method for enabling a 
user registered in an Network Access Server as already connected 
to a host Virtual Private Network (authorized users 12m' =m 
connected VPN 15 via ISP 11) to communicate with at least one 
communication device outside of said host Virtual Private 
Network (communicate devices 13 or arrows 16 "TO/ FROM OTHER 
ISP'S col. 5, lines 43 to col. 6, line 28 and col. 13, lines 26- 
53) , said Network Access Server having access over a data 
communication network (internet 14) to said communication device 
and to a plurality of Virtual Private Networks including said 
host Virtual Private Network (network 15 and other private 
networks connected to internet 14, fig. 1 col. 6, 43-65), where 
said method comprises; 

detecting a message being sent from said user and to said 
communication device while said user is currently connected to 
said host Virtual Private Network (receiving a message destined 
to devices in the private network by firewall 30 via the secure 
tunnel col. 5, lines 43-65. See also col. 12, lines 1-40 and 
col. 9, lines 46 to col. 10, line 33); 

directing said message to a logical channel between said 
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Network Access Server and said communication device (see logical 
channel 41-44 fig. 1; col. 3, lines 38-46 and col. 4, lines 23- 
65 and col. 9, lines 46 to col. 10, line 33), wherein said 
logical channel has, as a logical identifier, an identifier of 
said host Virtual Private Network to which said user currently 
connected (secure channel (40,42 and 44) is established between 
device 12 (m) and device within VPN network 15 (col. 9, lines 6- 
65 and col. 15,1 lines 21-65). The transferred message packet 
contains header portion that identifies the source and 
destination address. Because authorized external devices connect 
the VPN network via a logical channel as shown in fig. 1, it is 
inherent that the established connection of device 12 (m) uses an 
identified and recognized/approved logical connection (via 
tunneling protocol) (col. 3, line 59 to col. 4, lines 14 and 
col. 5, lines 43-65. see also col. 12, lines 1-40). 

As per claim 2-3, Provino teaches the invention comprising: 

detecting a message from said communication device being 
received at said Network Access Server on the logical channel 
having, as logical channel identifier, the identifier of a 
Virtual Private Network, said message containing a user 
destination address (The transferred message packet contains 
header portion that identifies the source and destination 
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address col. 3, line 59 to col. 4, lines 14 and col. 5, lines 
43-65. see also col. 9, lines 46 to col. 10, line 33 and col. 
12, lines 1-40); determining a user registered in said Network 
Access Server as already connected to said Virtual Private 
Network and corresponding to said destination address 
(authorized user access the VPN network col. 9, lines 46-65); 
and forwarding said message from said Network Access Server to 
said user (col. 5, lines 1-59). 

As per claim 4, Provino teaches the method according to claim 1, 
wherein said messages belonging to the communication between 
said user and said communication device are encapsulated in data 
packets, said data packets comprising a field containing said 
identifier of said host Virtual Private Network or an indication 
derived of said identifier (col. 3, lines 1-9 and col. 5, lines 
1-59) . 

As per claim 5, Provino teaches the method according to claim 4, 
wherein said messages belonging to the communication between 
said user and said communication device are sent over a tunnel, 
wherein said tunnel has, as a tunnel identifier, said identifier 
of said host Virtual Private Network as tunnel identifier (to 
establish a secure tunnel one must use identifiers of the 
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connected entities fig. 1 and col. 5, lines 43-59; col. 12, 
lines 1-40 and col. 9, lines 46 to col. 10, line 33). 
As per claim 6, Provino teaches the method according to claim 1, 
wherein said messages contain IP packets comprising an IP 
address of said user (col. 3, lines 62 to col. 4, line 14). 

As per claim 7, Provino teaches the method according to claim 1, 
wherein said communication device is a server belonging to a 
Virtual Private Network, called local Virtual Private Network, 
associated to said Network Access Server and different from said 
host Virtual Private Network (col. 9, 6-45 and col. 11, lines 46 
to col. 12, line 16. 

As per claim 13, Provino teaches forwarding engine that forwards 
message from logical controller to said user after user has been 
identified (col. 9, lines 32-65). 

(10) Response to Argument 

In response to Appellant's statement (page 11, first paragraph) 
"The central concept of the present invention is that a Network 
Access Server (NAS) 131 in Fig. 1 serving plural users 111 and 
112 each connected to a different VPN (e.g., 152 and 153 in Fig. 
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1) , may assign the same IP address to each of the users, and 
when the NAS 131 sends a message from a user to a destination 
outside of the VPN to which that user is connected, it can 
continue to use the IP address of the sender as the return 
address, but it can set up a logical channel that is uniquely 
associated with the VPN to which the sender is connected. At the 
receive end, the logical channel identifier of the logical 
channel may have no particular significance. But when the 
receive end sends a reply to the IP address indicated as the 
source of the original message, it will be directed back on the 
same logical channel to NAS 131, and NAS 131 will be able to 
uniquely identify the user 111 from the combination of the IP 
address and the VPN associated with the logical channel." 

Examiner notes that the main features in the above statement are 
not recited in the claims. For example, the feature of assigning 
" the same IP address to each of the users, and when the NAS 131 
sends a message from a user to a destination outside of the VPN 
to which that user is connected, it can continue to use the IP 
address of the sender as the return address, ..." and "... when 
the receive end sends a reply to the IP address indicated as the 
source of the original message, it will be directed back on the 
same logical channel to NAS 131, and NAS 131 will be able to 
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uniquely identify the user 111 from the combination of the IP 
address and the VPN associated with the logical channel." are 
not recited in the claims. 

Examiner notes the preamble of claim 1 recites an intended use 
feature such as a method for enabling a user registered in a 
Network Access Server as already connected to host VPN to 
communicate with a device outside of a host VPN. Similarly, 
Provino's invention enables a VPN connected devices to access 
other devices outside the VPN network as shown in fig. 1 (see 
outside device connected to arrows 16 "TO/FROM OTHER ISP'S" and 
external device 13. See also the rejection below). 

In page 11 last paragraph to page 12 first paragraph and page 
13, it appears that the applicant is arguing that Provino does 
not teach a user connected to the VPN 15 does not also connect 
to an outside device. However, the Appellant recognizes that 
Provino's device to 12 (m) communicates with external devices 
along paths 16 "TO/FROM ACCESSED DEVICES" in Fig. 1 (see page 
12, first paragraph where the Appellant states. "For purposes of 
this appeal it can be accepted that there will be an occasion on 
which one of the users 12 (m) will communicate with a device' 
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along the paths labeled as "TO /FROM ACCESSED DEVICES" in Fig. 
1." 

The Appellant continues to argue in page 12, firs paragraph "But 
in order for there to be anticipation, there must be a teaching 
in Provino that such a user is maintaining its connection to the 
VPN 15 while at the same time communicating with one of these 
other devices. There is no such discussion in Provino." 
Examiner notes that Appellant's statement in page 11 last 
paragraph that " Provino teaches a plurality of users (12(1) to 
12 (M) ) served by a network access server (ISP 11), and discusses 
how one of these users 12 (m) can communicate with a device 
within VPN 15 by sending to the firewall 30 a network address 
request message, the firewall 30 forwards the request to a name 
server 32, the name server replies to the firewall with the 
network address, and the firewall 30 returns this network 
address to the user 12 (m) for use in subsequent 
communications..." is a correct statement. However, the 
Appellant missed the point that the returned network address to 
the user 12 (m) also corresponds to the human-readable Internet 
address for device 13 external to the VPN 15 . (See col. 13, 
lines 46-53 and col. 14, lines 27-56). 
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In summary, Provinces invention is very similar to Appellant's 
invention in so many ways: 

A- device 12 (m) connects to servers 31 and 32 located in VPN 15 
via tunnel/logical connections 40, 42 and 44 over Internet 14 
(see fig. 1 devices 12(1) to 12 (m) , VPN 15 and device 13). 

B- device 12 (m) sends a service request to access device 13 
(external to VPN 15 see fig. 1). The request is detected and 
forwarded to Name servers 17 or VPN name server 32. An IP 
address is returned corresponding to a requested human-readable 
address of device 13 (see col. 13, lines 2-67). Once the 
communication is established between device 12 (m) and device 13 
or any external devices connected to outside ISP through arrows 
16 of fig. 1, a logical identifiers such 41-44 take the message 
to the particular requesting device 12(1) to 12 (m) depending on 
destination and source address as identified by the TCP/IP 
header information (see col. 5, lines 43-65; col. 6, lines 51 to 
col. 7, line 21 and col. 9, lines 6-65). 

A relevant example to Provino and Appellant's invention is a 
typical USPTO employee with a government laptop configured to 
access the Patent Office from his home via a VPN or a sales 
person with a corporate laptop connecting to his headquarters 
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via VPN connection- During the VPN connection with the Patent 
Office the employee is authenticated and messages are exchanged 
via secure tunnel (logical connection) . At the same time while 
the employee or the sales person is connected to the company or 
(USPTO) , the employee or the sales person can also connect to an 
outside computer via the Internet such as google website 
(www.google.com) or Yahoo website (for example by making a query 
or search) . The results of the query are returned to the user 
from the outside network such as Yaahoo.com or google.com server 
to the user via an identified channel depending on the Internet 
Service Provider of the user in combination of the already VPN 
connection with the headquarters. 

The Appellant also argues "there is also the problem that even 
in the secure tunnel communications there is no suggestion that 
the ISP 11, which the examiner equates with the claimed network 
access server, will establish a logical channel to such other 
external device, and will use a logical channel identifier an 
identifier of the VPN 15." Examiner respectfully disagrees. For 
example, Provino shows logical channel between device 12 (m) , ISP 
11, Internet 14, arrows 16 "TO/ FROM OTHER ISP'S" and VPN 15, 
"Communications between devices external to the virtual private 
network 15, such as device 12 (m) , and a device, such as a server 
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31 (s), inside the virtual private network 15, may be maintained 
over a secure tunnel between the firewall 30 and the external 
device as described above to maintain the information 
transferred there between secret while being transferred over 
the Internet 14 and through the ISP 11. A secure tunnel between 
device 12 (m) and virtual private network 15 is represented in 
FIG. 1 by logical connections identified by reference numerals 
40, 42, and 44; it will be appreciated that the logical 
connection 42 comprises one of the logical connections 41 
between ISP 11 and Internet 14, and logical connection 44 
comprises one of the logical connections 43 between the Internet 
14 and the firewall 30." (Col. 9, lines 32-65; col. 5, lines 42- 
65 and col. 13, lines 22-67). 

Independent claims 8-10 and 12 include essentially the same 
limitations (see page 13 second paragraph of the Appeal Brief) . 
Therefore the same response to claim 1 above applies. 

(11) Related Proceeding (s) Appendix 

No decision rendered by a court or the Board is identified 
by the examiner in the Related Appeals and Interferences section 
of this examiner's answer. 
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For the above reasons, it is believed that the rejections 
should be sustained- 
Respect fully submitted, 




Conferees : 





SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



